Ubuntu Users Get Massive Kernel Security Updates, More Than 20 Vulnerabilities Patched

Users are urged to update their installations to the new kernel versions as soon as possible.
Ubuntu Massive Kernel Updates

Canonical published today new kernel security updates for all of its supported Ubuntu Linux releases as a massive update that addresses more than 20 security vulnerabilities discovered by various researchers in the upstream kernels.

The new kernel security updates are available for Ubuntu 22.10 (Kinetic Kudu), Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), as well as Ubuntu 16.04 and Ubuntu 14.04 ESM (Extended Security Maintenance) releases.

The most critical security vulnerability patched in these massive Ubuntu kernel updates is CVE-2022-2663, a flaw discovered by David Leadbeater in the netfilter IRC protocol tracking implementation that could allow a remote attacker to cause a denial of service or bypass firewall filtering. This affects all Ubuntu flavors except for Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15.

Several security issues patched in this new kernel update affect all supported Ubuntu releases. These include CVE-2022-40307, a race condition found in the EFI capsule loader driver that could lead to a use-after-free vulnerability, and CVE-2022-4095, a use-after-free vulnerability discovered by Zheng Wang and Zhuorao Yang in the RealTek RTL8712U wireless driver.

The same goes for CVE-2022-3586, a use-after-free vulnerability discovered by Gwnaun Jung in the SFB packet scheduling implementation, and CVE-2022-20421, a race condition found in the Android Binder IPC subsystem that could lead to a use-after-free vulnerability. All these issues could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

Three other security flaws affected Ubuntu 22.10, Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15, as well as Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4. These could allow local attackers to cause a denial of service (system crash or memory exhaustion) or execute arbitrary code.

They are CVE-2022-43750, an issue discovered in the USB monitoring (usbmon) component, CVE-2022-3303, a race condition discovered in the sound subsystem, as well as CVE-2022-3646 and CVE-2022-3544, two flaws found in the NILFS2 file system implementation.

Also patched in the new kernel security updates is CVE-2022-3649, a use-after-free vulnerability discovered by Khalid Masum in the NILFS2 file system implementation, which affected only Ubuntu 22.10 systems running Linux kernel 5.19, as well as Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15. This flaw could allow a local attacker to cause a denial of service or execute arbitrary code.

An integer overflow vulnerability, CVE-2022-39842, affected only Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15, and Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems running Linux kernel 5.4. This was discovered by Hyunwoo Kim in the PXA3xx graphics driver, allowing a local attacker to cause a denial of service (system crash).

The same goes for CVE-2022-3061, a divide-by-zero vulnerability discovered in the Intel 740 frame buffer driver, which could also allow a local attacker to cause a denial of service (system crash). However, this flaw also affected Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15.

Another interesting flaw patched in the new Ubuntu kernel updates is CVE-2022-39188, a race condition discovered by Google Project Zero’s Jann Horn in the Linux kernel when unmapping VMAs in certain situations, which could result in possible use-after-free vulnerabilities. This flaw affected only Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15, as well as Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15, and could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.

The new kernel updates also patch CVE-2022-0171, a security issue affecting only Ubuntu 22.04 LTS and Ubuntu 20.04 LTS systems running Linux kernel 5.15 and discovered by Mingwei Zhang in the KVM implementation for AMD processors, which could allow a local attacker to cause a denial of service (host system crash), as well as CVE-2021-4159, a flaw found in the BPF verifier that only affects Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM systems running Linux kernel 4.15 and could allow a local attacker to expose sensitive information (kernel memory).

Seven other security issues were patched in the Linux 5.19 kernel of Ubuntu 22.10. These include CVE-2022-3541, a read-after-free vulnerability discovered in the Sunplus Ethernet driver that could allow an attacker to expose sensitive information (kernel memory), CVE-2022-3543, a memory leak in the Unix domain socket implementation that could allow a local attacker to cause a denial of service (memory exhaustion), as well as CVE-2022-3623, a race condition discovered in the hugetlb implementation that could allow a local attacker to either cause a denial of service (system crash) or expose sensitive information (kernel memory).

Four other use-after-free vulnerabilities affected Ubuntu 22.10 systems running Linux kernel 5.19. These are CVE-2022-3910, discovered in the io_uring subsystem, CVE-2022-3977, discovered in the MCTP implementation, CVE-2022-41849, discovered in SMSC UFX USB driver, and CVE-2022-41850, discovered in the Roccat HID driver. These could allow local (or physically proximate in the case of CVE-2022-41849) attackers to cause a denial of service (system crash) or possibly execute arbitrary code.

Since these are massive kernel updates, Canonical urges all Ubuntu users to install the new kernel versions (linux-image 5.19.0.28.25 for Ubuntu 22.10, linux-image 5.15.0-57.63 for Ubuntu 22.04 LTS, linux-image 5.15.0-57.63~20.04.1 and linux-image 5.4.0.136.134 for Ubuntu 20.04 LTS, linux-image 5.4.0.136.153~18.04.111 and linux-image 4.15.0.201.184 for Ubuntu 18.04 LTS) as soon as possible.

To update your installations to the new kernel versions, use the Software Updater graphical utility or run the sudo apt update && sudo apt full-upgrade commands in the Terminal app. After successfully installing the new kernel versions, reboot your computer and make sure that you rebuild and reinstall any third-party kernel modules that you might have installed.

Last updated 1 month ago